Skip to main content

Bert-VITS2 CVE-2026-8755

| EUVDEUVD-2026-30701 MEDIUM
Path Traversal (CWE-22)
2026-05-17 cna@vuldb.com GHSA-6w22-457x-2p92
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 17, 2026 - 13:30 vuln.today

DescriptionCVE.org

A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handler. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in fishaudio Bert-VITS2's hiyoriUI.py allows unauthenticated remote attackers to access arbitrary files outside the intended model directory via the _get_all_models function. Public exploit code exists (GitHub Gist). The project uses rolling releases with no versioned patches, and the vendor has not responded to disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited real-world exploitation despite public POC.

Technical ContextAI

Bert-VITS2 is a text-to-speech synthesis framework leveraging BERT and VITS2 models. The vulnerability resides in hiyoriUI.py's _get_all_models function within the Model Handler component, which processes model file paths. CWE-22 (Path Traversal) indicates insufficient sanitization of user-supplied path input, allowing directory traversal sequences (e.g., '../') to escape the intended base directory. The CVSS vector (AV:N/AC:L/PR:N) confirms network-accessible exploitation requiring no authentication or complex setup. This class of vulnerability commonly arises in web-facing file management interfaces that fail to canonicalize paths or validate against a safe root directory.

RemediationAI

No vendor-released patch identified at time of analysis due to maintainer non-response and rolling release model. Users must monitor the fishaudio/Bert-VITS2 GitHub repository for commits addressing path traversal in hiyoriUI.py's _get_all_models function. Immediate compensating controls: restrict network access to the hiyoriUI interface using firewall rules (allow only localhost/127.0.0.1) to eliminate remote attack vector-this reduces CVSS from 5.5 to effectively local-only risk. Deploy behind reverse proxy with strict path validation middleware that blocks directory traversal sequences. Implement application-level controls: validate all file paths against an allowlist of model directories and reject requests containing '../', absolute paths, or symbolic links. Trade-off: restricting network access breaks legitimate remote model management workflows. Long-term: consider forking the project or migrating to actively maintained TTS frameworks if vendor remains unresponsive.

Share

CVE-2026-8755 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy